US Report: Security bug found in NT

A bug that allows users on a Windows NT network to usurp the privileges of a system administrator could give other users more access to the system, allowing them to alter the system and change passwords.

The bug, discovered recently by an Indian team and reported Friday to Microsoft by Mark Edwards, a security consultant, has the same effects as a bug discovered last year, but Microsoft spokespeople say the two bugs are unrelated. Microsoft says it will release a fix Monday evening.

Despite the potential harm that could be inflicted by someone who takes advantage of such a flaw, the software giant downplayed the security risks of the new bug. A Microsoft official emphasised the hole can only be exploited by a user with an account on, and physical access to, a local network run on Windows NT. Microsoft also denied that the "issue" could be taken advantage of over the Internet. "It's automatically limited in scope," said Karan Khanna, product manager with the Windows NT security group. "You have to have a valid user account, and if you have [that]... you have to have local rights and physical access."

The flaw is activated by a piece of software a user can run after logging onto an NT network locally. A security hole discovered last year also allowed users to assume system administrator privileges, but that bug operated in a completely different fashion, Khanna said.
